Forti VPN連不上-- 'The server you want to connect to requests identification. Please choose a certificate and try again ( -5)'

 原本很舊的Forti防火牆升級後，有一些人的VPN就無法連線了，本來以為跟client端的vpn程式版本有關，因為公司內有4、5、6、7四種版本。

但後來發現這4個版本也都有不同的使用者可連上VPN，所以不是這個問題。

所以就用就錯誤訊息去查

後來是直接去IE的網際網路選項中，在進階設定裡把TLS1.1跟1.2打勾，就可以解決這個問題了。

Forti VPN cannot connect - 'The server you want to connect to requests identification. Please choose a certificate and try again (-5)'.

After upgrading an outdated Forti firewall, some people were unable to connect to the VPN. Initially, I thought it might be related to different versions of the VPN client software (versions 4, 5, 6, and 7) used within the company.

However, I later discovered that users with all four versions were able to connect to the VPN, so that wasn't the issue.

To troubleshoot, I investigated the error message further.

Eventually, I found that the solution was to go to the Internet Options in Internet Explorer and enable TLS 1.1 and 1.2 in the advanced settings. This resolved the problem.

卡巴斯基安全管理中心資料備份和還原程式 無法備份

 在升級卡巴斯基安全管理中心前，官方文件建議要用內建的資料備份和還原程式(Program Files (x86) Kaspersky Lab Kaspersky Security Center klbackup .exe)先做備份。

但在按下備份時，程式就會直接關閉，無法備份，沒任何訊息。

然後在事件檢視器裡，就找到一個相關的錯誤訊，原因是因為在執行備份時，會需要連上db，但目前登入的帳號是網域帳號，但當初安裝時是用本機帳號，所以會連不上db做備份，這時只要改用原本安裝的帳號來執行就可以備份了。

Before upgrading the Kaspersky Security Center, the official documentation recommends using the built-in data backup and restore program (Program Files (x86) Kaspersky Lab Kaspersky Security Center klbackup.exe) to perform a backup.

However, when pressing the backup button, the program immediately shuts down without any error message, making it impossible to create a backup.

Upon checking the Event Viewer, an error message related to the issue was found. The reason for this error is that during the backup process, a connection to the database (db) is required. However, the current logged-in account is a domain account, while the initial installation was performed using a local account. As a result, the backup process fails to establish a connection to the database. To resolve this issue, it is necessary to execute the backup using the original account used during installation.

卡巴斯基防毒的相關文件

 http://i-services.info/kaspersky/

代理商有個網站上面有相關的教學分享，不錯用。

Fortigate 免費的2個token刪除後無法加回..無法存取forti care

 Fortigate 本身就有含兩個token授權，可以指派其兩個帳號，做雙因子驗證使用。

在測試時，設備本身有簽維護，但版本很舊，在設定時發生一些狀況，後來就把它給刪了，想說應該可以重新加回來，上網找了一下，可以用全都是0的預設設號匯入就行了。

結果~不行，然後有一個按鈕是寫重新下載授權，按下去就跳出無法存取forti care，一整個搞不定。

明明就有維護，還不給我存取，最後就依廠商建議，系統太舊原廠不支援，升級到最新試試，就可以了。

After deleting the two free tokens on FortiGate, I couldn't add them back, and I couldn't access FortiCare.

FortiGate itself comes with two token licenses, allowing for the assignment of two accounts for two-factor authentication purposes.

During testing, the device had an existing maintenance agreement, but it was running on a very outdated version. While configuring it, some issues occurred, so I decided to delete it, thinking that I could add it back later. I searched online and found that I could import a default configuration with all zeros.

However, it didn't work. There was a button labeled "Re-download License," but when I clicked it, it showed an error message saying it couldn't access FortiCare. It was quite frustrating.

Despite having an active maintenance agreement, I was denied access. Finally, following the vendor's suggestion, I upgraded the system to the latest version, and that resolved the issue.

連兩週結算日翻船啊

 連續兩周的OP週結算都來個V轉，本來當週都有機會賺錢，最後都賠了。

結算日雙賣，做錯邊，基本上就跟做小台差不多的賺賠啊。

選擇權下單真是亂啊

 選擇權不像股票或期貨，今天你買了一張，如果又賣一張，帳戶就是0庫存。

但選擇權是可以同時存在買跟賣，所以下單前要先確認好現在是新倉還是平倉的選項，三不五時就會因為這個事情下錯單，真的很不爽，會因此產生不必要的虧損。

還有結算日時，明明要下結算日的合約，有時也會不小心下到新合約。

有時後就是因為這樣，原本當天要小賺的，就變小賠，白做工，真的要小心一點才行。

Teams 登入失敗 Error Code caa20002

 突然多位user的Teams登入失敗，錯誤代碼都是caa20002。

這些登入失敗的電腦，都是win7，但又不是每一台win7都有這個問題，有點奇怪。

後來找了幾台不同的電腦測試後，才發現原因。

主要是因為IE的關係，要IE11才能正常登入Teams程式，其他比較低階的版本，都會失敗。

很討厭的問題，因為錯誤訊息根本跟IE沒關係，很難查原因。

Teams Login Failure with Error Code caa20002

Multiple users suddenly encountered login failures in Teams, with the error code caa20002.

Interestingly, these login issues were observed on computers running Windows 7, but not every Windows 7 device was affected, which seemed puzzling.

After conducting tests on several different computers, the root cause was identified.

The problem primarily stemmed from Internet Explorer (IE) compatibility. Teams application requires IE11 to function properly, and lower versions of IE would result in login failures.

This issue was frustrating because the error message provided no indication of an IE-related problem, making it difficult to identify the cause.

CentOS 建立有root權限的帳號

 因為不想讓其他人有root的密碼，但又需要root權限工作，所以需要建立一個有root權限的帳號。

帳號建好後，執行下列指令，讓該帳號能用sudo，又不需要輸入任何root密碼，就可用root權限工作。做完在把該帳號停用就好了。

[root@test ~]# visudo

在裡面找到下列這行

root    ALL=(ALL)       ALL

在底下加入其他用戶

newuser     ALL=(root) ALL  

存檔離開，然後newuser就可以在不輸入密碼的情況下執行sudo指令，達到有root權限的目的。

Creating a Root-privileged Account on CentOS

To prevent sharing the root password with others while still needing root privileges, it is necessary to create an account with root privileges.

Once the account is created, execute the following command to allow the account to use sudo without entering any root password, enabling it to perform tasks with root privileges. Afterward, the account can be deactivated.

[root@test ~]# visudo

Find the following line within the file:

root ALL=(ALL) ALL

Add the desired user below it:

newuser ALL=(root) ALL

Save the changes, exit the file, and then the newuser can execute sudo commands without entering a password, achieving the goal of having root privileges.

HPE switch reset 重置

 最近買了HPE的switch，然後在設定時設定錯了，造成登入後沒權限做任何設定的調整，只能做設定的重置。

但現在的switch已沒有實體的reset鍵，只好透過官網提供的方式來reset。

首先，先重開switch，在重開的過程中會提示，可以按下Ctrl+B進入進階的開機選單中

進到進階開機選單後，就先選7，這是讓你下次重開機後，會跳過原本的設定檔，就像新機一樣，這時就可以重新建立一個新的帳號，給他最高的權限，然後存檔覆蓋原本的設定檔，再重開機，就可以用新建的帳號進去了。

下面是原廠提供的操作畫面，可以參一下。   

    BOOT  MENU    

1. Download application file to flash  

2. Select application file to boot  

3. Display all files in flash  

4. Delete file from flash  

5. Modify bootrom password  

6. Enter bootrom upgrade menu  

7. Skip current configuration file  

8. Set bootrom password recovery  

9. Set switch startup mode  

0. Reboot    

Enter your choice(0-9):      

Enter 7 (Skip current system configuration) and restart the switch (opcion 0). The switch reboots with empty configuration, and can log in through the console port without entering the password to check the configuration file for the user password.

Enter your choice(0-9): 7  

The current setting will boot with current configuration file when rebooted.  

Are you sure you want to skip current configuration file when reboot? Yes or No [Y/N] y  

Setting......done!              

    BOOT  MENU    

1. Download application file to flash  

2. Select application file to boot  

3. Display all files in flash  

4. Delete file from flash  

5. Modify bootrom password  

6. Enter bootrom upgrade menu  

7. Skip current configuration file  

8. Set bootrom password recovery  

9. Set switch startup mode  

0. Reboot    

Enter your choice(0-9): 0    

Starting......      

選擇權操作-202206w5-沒想到還有w5

 本來想七月才重新開始，這周就可以來交易了。

沒想到這周只是6月w5~那就繼續忍吧，當作是在考驗自己的紀律。